You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Kevin Minder (JIRA)" <ji...@apache.org> on 2015/02/11 18:08:12 UTC

[jira] [Commented] (KNOX-390) Include client IP and HTTP verb in audit log

    [ https://issues.apache.org/jira/browse/KNOX-390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14316546#comment-14316546 ] 

Kevin Minder commented on KNOX-390:
-----------------------------------

[~andreina], I really want this but I'm concerned about the implications of changing the format of the audit line from a backward compatibility perspective.  This might be something that deserves a [DISCUSS] thread on the dev @ knox mailing list.

Further, I'm not sure that the verb should be a first class attribute.  I'm still debating with myself here.  Some background context is that we were once planning on proposing a general auditing infrastructure to the Hadoop community and our org.apache.hadoop.gateway.audit.api was the API evolving for that.  In that context we were trying to keep it generic (i.e. transport agnostic).  That lead to handling HTTP specific things in the message as is currently done here:
https://github.com/apache/knox/blob/master/gateway-spi/src/main/java/org/apache/hadoop/gateway/dispatch/HttpClientDispatch.java#L144
{code}
auditor.audit(Action.DISPATCH, outboundRequest.getURI().toString(), ResourceType.URI, ActionOutcome.SUCCESS, RES.responseStatus(statusCode));
{code}
So we need to decide to either be consistent with that or intentionally diverge towards another goal.

Lastly though, the client ip address though is clearly an oversight and should have been in the original persisted audit record.

> Include client IP and HTTP verb in audit log
> --------------------------------------------
>
>                 Key: KNOX-390
>                 URL: https://issues.apache.org/jira/browse/KNOX-390
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>    Affects Versions: 0.4.0
>            Reporter: Kevin Minder
>             Fix For: 0.6.0
>
>         Attachments: KNOX-390.1.patch
>
>
> The audit log should include the client's IP address as well as the incoming and outgoing HTTP verb.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)